$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
7050e35b49f5: Pull complete
Digest: sha256:faa03e786c97f07ef34423fccceeec2398ec8a5759259f94d99078f264e9d7af
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented: unknown.
ERRO[0008] error waiting for container: context canceled
This seems to be a missing CGROUP on the kernels on both images. Any way around this?
EDIT: Of course recompiling the kernel (https://wiki.radxa.com/Rock5/guide/build-kernel-on-5b) should work, but IMO Docker should work out of the box because it is not a weird edge-case use. I assume most people who run Rock 5B use it to run Docker containers.
It IS a weird edge-case use for Rockchip. The default BSP kernel is nothing more than an Android kernel and it is very feature-lacking if you want to use it on regular GNU Linux. The Radxa repo has merged kernel configs to enable features required for containers, for example "rockchip_linux_defconfig: add Kubernetes support" by opsiff (Pull Request #36, radxa/kernel, GitHub), but that’s for Kubernetes; I think you need to enable additional features to support Docker.
Google translate: You need to add “systemd.unified_cgroup_hierarchy=0” to /boot/config.txt, which is a parameter for the kernel
For example: “cmdline: systemd.unified_cgroup_hierarchy=0”
Finally execute sudo update_extlinux.sh and restart the system
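Added example, not part of any post in this thread: a shell check that reports which kernel config options behind the device cgroup are missing for the cgroup hierarchy in use. It assumes the error above comes from a kernel built without CONFIG_BPF_SYSCALL / CONFIG_CGROUP_BPF (cgroup v2 enforces device rules with BPF_CGROUP_DEVICE programs, while cgroup v1 uses CONFIG_CGROUP_DEVICE), which the thread does not confirm; the sample config and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list kernel options that the device
# cgroup needs but that are not built in, for cgroup v1 or v2.

# Constructed sample resembling a kernel built without BPF support.
sample_config() {
    cat <<'EOF'
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEVICE=y
# CONFIG_BPF_SYSCALL is not set
# CONFIG_CGROUP_BPF is not set
EOF
}

# Print the running kernel's config, if the kernel or distro exposes it.
live_config() {
    if [ -r /proc/config.gz ]; then gzip -dc /proc/config.gz
    else cat "/boot/config-$(uname -r)"
    fi
}

# v2 if the unified hierarchy is mounted at /sys/fs/cgroup, else v1
# (the state after booting with systemd.unified_cgroup_hierarchy=0).
cgroup_mode() {
    if [ -f /sys/fs/cgroup/cgroup.controllers ]; then echo v2; else echo v1; fi
}

# missing_opts MODE: read a kernel config on stdin, print options that are not =y.
missing_opts() {
    case $1 in
        v2) need="CONFIG_CGROUPS CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF" ;;
        v1) need="CONFIG_CGROUPS CONFIG_CGROUP_DEVICE" ;;
        *)  echo "usage: missing_opts v1|v2" >&2; return 2 ;;
    esac
    cfg=$(cat)
    missing=""
    for opt in $need; do
        # "# CONFIG_X is not set" and "=m" lines do not match, so they count as missing.
        printf '%s\n' "$cfg" | grep -q "^${opt}=y\$" || missing="$missing $opt"
    done
    echo "${missing# }"
}

# Demo on the constructed sample. On a real board run:
#   live_config | missing_opts "$(cgroup_mode)"
echo "sample, cgroup v2: missing [$(sample_config | missing_opts v2)]"
echo "sample, cgroup v1: missing [$(sample_config | missing_opts v1)]"
```

An empty result for v1 next to a non-empty one for v2 matches the situation where the legacy-hierarchy boot parameter gets containers starting without a kernel rebuild.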
Google and some hair pulling usually, but some are Docker regulars and pretty much know it inside out
So great as docker was wanting with the Debian image
These are the ones I use (cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1 swapaccount=1) in the cmdline.txt. I also turn off wifi and bluetooth in the config.txt.
Depending on whether you are using RPiOS or Ubuntu of course
RPiOS - /boot/cmdline.txt and /boot/config.txt
Ubuntu - /boot/firmware/cmdline.txt and /boot/firmware/config.txt
Let me know if you need my exact commands for each file.
I am going to assume you mean Rock Pi 5B as opposed to Rock Pi 4b v1.5?
I packaged the latest podman version for Debian/Ubuntu in aarch64, if you want to give it a try. Didn’t really get to taking it for a spin, since the little one got a tough cold. But I don’t see anything problematic. I stopped at the setup of firewalld to redirect to a non-privileged port. But it seems that netfilter and nftables are problematic in this setup (or, the much more plausible option, the problem is on layer 8… happens a lot with me)
It’s actually the opposite, as we have to swap from nftables to iptables-legacy, as that is the problem with Docker as it doesn’t work with the newer nf_tables
Shouldn’t there be at least some nf* module loaded?
As an example from my rockpro64 running armbian:
nf_tables 212992 1567 nft_compat,nft_counter,nft_chain_nat
x_tables is netfilter, so is nfnetlink; iptables is just the userspace program using them.
Apart from that haven’t a clue as rarely use and was searching for where iptables had gone.
Guess you will have to do some reading of nftables - Debian Wiki as just dunno